Actually this is the "ARP Vulnerability" problem. The person in your network uses the mechanism on MITM (Man in the Middle) attack to create a route so that the packets that u receive/send is intercepted by him, thus enabling it to sniff your packets. As far as I know this vulnerability has not been resolved because the ARP protocol is "trusting" , which means it does not validate ip-mac pair. Only way to stop is get him off the LAN :)
I don't quite understand your question. When he's sniffing, there should be no change on the ARP table of your machine. Is he sniffing (reading packets as they go through the network), or is he scanning (sending probes and/or strange packets to other machines)?
发布评论
评论(2)
实际上这就是“ARP 漏洞”问题。您网络中的人使用MITM(中间人)攻击机制创建一条路由,以便您接收/发送的数据包被他拦截,从而使其能够嗅探您的数据包。据我所知这个漏洞尚未得到解决,因为ARP协议是“信任的”,这意味着它不验证ip-mac对。 唯一阻止的方法就是让他脱离局域网:)
Actually this is the "ARP Vulnerability" problem. The person in your network uses the mechanism on MITM (Man in the Middle) attack to create a route so that the packets that u receive/send is intercepted by him, thus enabling it to sniff your packets. As far as I know this vulnerability has not been resolved because the ARP protocol is "trusting" , which means it does not validate ip-mac pair. Only way to stop is get him off the LAN :)
我不太明白你的问题。当他嗅探时,你机器的 ARP 表应该没有变化。
他是在嗅探(在数据包通过网络时读取数据包),还是在扫描(向其他机器发送探测和/或奇怪的数据包)?
I don't quite understand your question. When he's sniffing, there should be no change on the ARP table of your machine.
Is he sniffing (reading packets as they go through the network), or is he scanning (sending probes and/or strange packets to other machines)?